On Tue, Jun 13, 2017 at 04:59:30PM -0400, Mimi Zohar wrote: > Assuming you want to support container specific executables, you would > want them specifically signed by a key not on the system IMA keyring.
Yes, this is a good point. Cheers, Tycho
- Re: [PATCH v4] Introduce v3 namespaced file capabilities Stefan Berger
- Re: [PATCH v4] Introduce v3 namespaced file capabilit... Tycho Andersen
- Re: [PATCH v4] Introduce v3 namespaced file capab... Stefan Berger
- Re: [PATCH v4] Introduce v3 namespaced file c... Tycho Andersen
- Re: [PATCH v4] Introduce v3 namespaced file capab... James Bottomley
- Re: [PATCH v4] Introduce v3 namespaced file c... Tycho Andersen
- Re: [PATCH v4] Introduce v3 namespaced fi... Stefan Berger
- Re: [PATCH v4] Introduce v3 namespac... Tycho Andersen
- Re: [PATCH v4] Introduce v3 name... Stefan Berger
- Re: [PATCH v4] Introduce v3 name... Mimi Zohar
- Re: [PATCH v4] Introduce v3 ... Tycho Andersen
- Re: [PATCH v4] Introduce v3 namespaced file capabilit... Serge E. Hallyn
- Re: [PATCH v4] Introduce v3 namespaced file capab... Stefan Berger
- Re: [PATCH v4] Introduce v3 namespaced file c... Serge E. Hallyn
- Re: [PATCH v4] Introduce v3 namespaced fi... Stefan Berger
- Re: [PATCH v4] Introduce v3 namespac... Serge E. Hallyn
- Re: [PATCH v4] Introduce v3 namespaced file capabilit... Serge E. Hallyn
- Re: [PATCH v4] Introduce v3 namespaced file capab... Serge E. Hallyn
